67 matches found
CVE-2021-22966
Privilege escalation from Editor to Admin using Groups in Concrete CMS versions 8.5.6 and below. If a group is granted "view" permissions on the bulkupdate page, then users in that group can escalate to being an administrator with a specially crafted curl. Fixed by adding a check for group...
WordPress Email Subscribers & Newsletters plugin <= 5.9.10 - Missing Authentication to Unauthenticated Mailing Queue Trigger vulnerability
Missing Authentication to Unauthenticated Mailing Queue Trigger vulnerability discovered by Adrian Lukita in WordPress Plugin Email Subscribers & Newsletters versions <= 5.9.10...
EUVD-2024-34506
Malicious code in bioql PyPI...
EUVD-2025-11629
Malicious code in bioql PyPI...
EUVD-2024-37613
Malicious code in bioql PyPI...
EUVD-2025-19284
Malicious code in bioql PyPI...
EUVD-2025-28557
Malicious code in bioql PyPI...
CVE-2025-47654
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Adrian Tobey FormLift for Infusionsoft Web Forms formlift allows Reflected XSS. This issue affects FormLift for Infusionsoft Web Forms: from n/a through 7.5.20...
CVE-2025-49452
Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in Adrian Ladó PostaPanduri postapanduri allows SQL Injection. This issue affects PostaPanduri: from n/a through 2.1.3...
CVE-2025-49452 WordPress PostaPanduri <= 2.1.3 - SQL Injection Vulnerability
Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in Adrian Ladó PostaPanduri allows SQL Injection. This issue affects PostaPanduri: from n/a through 2.1.3...
CVE-2025-49452
CVE-2025-49452 affects the WordPress plugin PostaPanduri up to version 2.1.3 and is rooted in improper neutralization of special elements in SQL commands (SQL Injection). The vulnerability is exploitable over the network with no user interaction and could lead to high confidentiality impact and l...
CVE-2025-49425
Cross-Site Request Forgery (CSRF) vulnerability in Adrian Hanft Konami Easter Egg konami-easter-egg allows Stored XSS. This issue affects Konami Easter Egg: from n/a through v0.4...
CVE-2025-27302
Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in Claudio Adrian Marrero CHATLIVE chatlive allows SQL Injection. This issue affects CHATLIVE: from n/a through 2.0.1...
CVE-2025-27302 WordPress CHATLIVE plugin <= 2.0.1 - SQL Injection vulnerability
Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in Claudio Adrian Marrero CHATLIVE chatlive allows SQL Injection. This issue affects CHATLIVE: from n/a through 2.0.1...
CVE-2025-27302
CVE-2025-27302 : WordPress CHATLIVE plugin (
CVE-2025-31434
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Adrian Tobey FormLift for Infusionsoft Web Forms formlift allows Stored XSS. This issue affects FormLift for Infusionsoft Web Forms: from n/a through 7.5.19...
CVE-2025-23663
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Adrian Vaquez Contexto contexto allows Reflected XSS. This issue affects Contexto: from n/a through 1.0...
WordPress Zephyr Project Manager plugin < 3.3.99 - Editor+ stored XSS vulnerability
Editor+ stored XSS vulnerability discovered by Adrian Peña Barragan in WordPress Plugin Zephyr Project Manager versions < 3.3.99...
CVE-2024-38773
Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in Adrian Tobey FormLift for Infusionsoft Web Forms allows Blind SQL Injection. This issue affects FormLift for Infusionsoft Web Forms: from n/a through 7.5.17...